Deal Expands the Sophos Portfolio of Detection and Response Solutions and Services for Underprotected Server and Cloud Environments

OXFORD, U.K. — 七月 7, 2021 —

Sophos, a global leader in next-generation cybersecurity, today announced that it has acquired Capsule8, a pioneer and market leader of runtime visibility, detection and response for Linux production servers and containers covering on-premise and cloud workloads. Founded in 2016, Capsule8 is privately held and headquartered in New York, NY.

“Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is growing at more than 20% per year,” said Dan Schiappa, chief product officer, Sophos. “Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organizations of all sizes are increasingly focused on, especially as more workloads move to the cloud. With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments, and expanding its position as a leading global cybersecurity provider.”

Capsule8 is dedicated solely to the development of Linux security and has established itself as a technology and thought leader in the market, with marquis customer wins and billings growth of 77% in the year to March 31, 2021. Driven by the dramatic growth in cloud platforms, Linux has become the dominant operating system for server workloads. Capsule8’s high-performance, low-impact design is ideal for Linux servers, especially those used for high-scale workloads, production infrastructure and storing critical business data.

"The main idea behind Capsule8 is that providing enterprise-grade security for Linux systems requires deploying components that are designed specifically for that environment. These components are more adept at making the trade-offs between security and performance when needed, to achieve the desired levels of resilience and protection,” said Fernando Montenegro, principal research analyst with 451 Research, part of S&P Global Market Intelligence, in reference to Capsule8’s solutions.1 "As organizations move to embrace concepts such as cloud-based delivery and DevOps, the underlying compute environments shift noticeably toward Linux as a frequent execution environment. For security teams, often more familiar with Windows-centric concepts, this represents a potential challenge – there are different demands, concepts and practices for Linux. This is the space that Capsule8 aims to address with its endpoint security offering, combining an architecture optimized for Linux with more features aimed at enterprise security and IT operations teams."

Sophos is integrating Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE), providing powerful and lightweight Linux server and cloud container security within this open platform. Sophos will also feature Capsule8 technology in its Extended Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Rapid Response services. This will further expand and enhance Sophos’ data lake and deliver continuous, fresh intelligence for advanced threat hunting, security operations and customer protection practices.

“Capsule8 is the premiere purpose-built detection and response platform for Linux. We provide security teams with the crucial visibility they need to protect Linux production infrastructure against unwanted behavior, while at the same time addressing cost, performance and reliability concerns,” said John Viega, CEO, Capsule8. “We’ve innovated new approaches to deliver runtime security in a much safer and more cost-effective way than anyone else in the industry. With Capsule8’s technology, organizations are no longer forced to choose between system stability and security risk. Given the growth and mission-critical nature of Linux environments, and the fast-changing, targeted threat landscape, organizations must be confident that their Linux environments are both performant and secure.”

SophosLabs threat intelligence reveals that adversaries are designing tactics, techniques and procedures (TTPs) aimed specifically at Linux systems, often exploiting server software as an initial entry point. After gaining a foothold, attackers commonly deploy scripts to perform further automated actions. These could include:

  • Dropping Secure Shell protocol (SSH) keys to gain direct access
  • Attempting to remove existing security services
  • Disabling Mandatory Access Control (MAC) frameworks, such as AppArmor and SELinux
  • Adjusting or disabling server firewall rules (iptables)
  • Installing post-exploit malware and configuration files
  • Moving laterally via existing infrastructure with living off the land tools, such as SSH, Chef, Ansible, Salt, and Puppet

Adversaries use compromised Linux servers as cryptomining botnets or as a high-end infrastructure for launching attacks on other platforms, such as hosting malicious websites or sending malicious emails. Given that Linux servers often hold valuable data, attackers also target them for data theft and ransomware.

“Attackers today are incredibly aggressive and nimble as they adapt their TTPs to focus on the easiest, largest or fastest-growing opportunities. As more organizations shift to Linux servers, adversaries have noticed, and they are adapting and customizing their approaches to attack these systems. To stay protected, organizations must factor in a strong, but lightweight layer of Linux security that automatically integrates and shares intelligence with endpoint, network and other security layers and platforms within an estate,” said Schiappa. “We will provide this industry-leading capability and strategically important visibility and detection by combining Capsule8 with our Adaptive Cybersecurity Ecosystem products and services, greatly enhancing the ability to find and eliminate suspicious activity before it becomes malicious.”

Sophos expects to begin early access programs with its products and services leveraging the Capsule8 technology later this fiscal year.

1 Coverage Initiation: As cloud workloads rise, Capsule8 aims for Linux-tailored security, 451 Research Impact Report, May 29, 2020

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。